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AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Previously Presented) A method in a telecommunication system for allowing a SIM- 
based authentication to users of a wireless local area network who are subscribers of a public 
land mobile network, the method comprising the steps of: 

(a) a wireless terminal accessing the wireless local area network through an 
accessible Access Point; 

(b) discovering an Access Controller interposed between the Access Point and the 
public land mobile network from the wireless terminal; 

(c) carrying out a challenge-response authentication procedure between the wireless 
terminal and the public land mobile network through the Access Controller, the 
wireless terminal provided with a SIM card and adapted for reading data thereof; 

the method characterized in that the challenge-response authentication submissions in 

step c) take place before having provided IP connectivity to the user, and are carried: 

- on top of a Point-to-Point layer 2 protocol (PPPoE) between the wireless 
terminal and the Access Controller; and 

- on an authentication protocol residing at application layer between the 
public land mobile network and the Access Controller; and 

the method further comprises a step of: 

(d) offering IP connectivity to the user at the wireless terminal, by sending an 
assigned IP address and other network configuration parameters, once said user 
has been validly authenticated by the public land mobile network. 
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2. (Previously Presented) The method in claim 1, wherein the step b) of discovering an 
Access Controller includes a step of establishing a Point-to-Point Protocol session 
between a Point-to-Point over Ethernet (PPoE) Protocol client in the wireless terminal 
and a Point-to-Point over Ethernet (PPoE) Protocol server in the Access Controller. 

3. (Previously Presented) The method in claim 1, wherein the step c) of carrying out the 
challenge-response authentication procedure include the steps of: 

(cl) sending a user identifier from the wireless terminal to the public land mobile 
network through the Access Controller; 

(c2) receiving an authentication challenge at the wireless terminal from the 
public land mobile network via the Access Controller; 

(c3) deriving encryption key and authentication response at the wireless terminal 
from the received challenge; 

(c4) sending the authentication response from the wireless terminal to the public 
land mobile network through the Access Controller; 

(c5) receiving at the Access Controller an encryption key from the public land 
mobile network; and 

(c6) extracting the encryption key received for further encryption of 
communication path with the wireless terminal. 

4. (Previously Presented) The method in claim 2, further comprising the step of shifting 
authentication information received on top of a Point-to-Point layer 2 protocol upwards to 
an authentication protocol residing at application layer for submissions toward the public 
land mobile network. 
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5. (Previously Presented) The method in claim 4, further comprising the step of shifting 
authentication information received on an authentication protocol residing at application 
layer downwards on top of a Point-to-Point layer 2 protocol for submissions toward the 
wireless terminal. 

6. (Previously Presented) The method in claim 3, further comprising the step of establishing 
at the wireless terminal a symmetric encryption path by using the previously derived 
encryption keys at the Access Controller and wireless terminal. 

7. (Currently Amended) The method in any preceding claim J_, wherein the step d) of 
sending an IP address includes a previous step of requesting such IP address from a 
Dynamic Host Configuration Protocol server. 

8. (Currently Amended) The method in any pr e c e ding claim J., wherein the communication 
between the Access Controller and the public land mobile network goes through an 
Authentication Gateway of said public land mobile network. 

9. (Currently Amended) The method in any prec e ding claimj., wherein the communication 
between the Access Controller and the Authentication Gateway of a public land mobile 
network goes through an Authentication Server of the wireless local area network in 
charge of authenticating local users of said wireless local area network who are not 
mobile subscribers. 

10. (Currently Amended) The method of any pr e c e ding claim J,, wherein the user identifier in 
step cl) comprises a Network Access Identifier. 

11. (Currently Amended) The method in any preceding claimj_, wherein the user identifier in 
step cl) comprises an International Mobile Subscriber Identity. 
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12. (Currently Amended) The method in any pr e cedi ng-claim J_, wherein the authentication 
protocol residing at application layer in step c) is an Extensible Authentication Protocol. 

13. (Previously Presented) The method in claim 12, wherein this Extensible Authentication 
Protocol is transported over a RADIUS protocol. 

14. (Previously Presented) The method in claim 12, wherein this Extensible Authentication 
Protocol is transported over a Diameter protocol. 

15. (Previously Presented) An Access Controller in a telecommunication system that 
comprises a wireless local area network including at least one Access Point, a public land 
mobile network, and at least one Terminal Equipment provided with a SIM card and 
adapted for reading subscriber data thereof, the Access Controller characterized in that 
it comprises: 

(a) a Point-to-Point layer 2 protocol (PPPoE) server for communicating with the 
wireless terminal, and arranged for tunneling the challenge-response 
authentication procedure; and 

(b) an authentication protocol residing at an OS I application layer for communicating 
with the public land mobile network. 

16. (Previously Presented) The Access Controller in claim 15 further comprising: 

(a) means for shifting the information received on top of the Point-to-Point layer 2 
protocol upwards to the authentication protocol residing at application layer; and 

(b) means for shifting the information received on the authentication protocol 
residing at application layer downwards on top of the Point-to-Point layer 2 
protocol (PPPoE). 
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17. (Previously Presented) The Access Controller in claim 16 further comprising means for 
requesting an IP address from a Dynamic Host Configuration Protocol server, after a user 
has been successfully authenticated by his public land mobile network. 

18. (Previously Presented) An Access Controller according to claim 17 adapted for 
communicating with a wireless terminal via an Access Point. 

19. (Previously Presented) An Access Controller according to claim 17 adapted for 
communicating with a public land mobile network via an Authentication Gateway. 

20. (Previously Presented) An Access Controller according to claim 17 adapted for 
communicating with an Authentication Gateway via an Authentication Server responsible 
for authenticating local users of a wireless local area network. 

21. (Currently Amended) An Access Controller according to any of claims 15 to 2 0, wherein 
the authentication protocol residing at application layer is an Extensible Authentication 
Protocol. 

22. (Previously Presented) The Access Controller in claim 21, wherein this Extensible 
Authentication Protocol is transported over a RADIUS protocol. 

23. (Previously Presented) The Access Controller in claim 21, wherein this Extensible 
Authentication Protocol is transported over a Diameter protocol. 

24. (Previously Presented) A wireless terminal comprising functionally for acting as a Point- 
to-Point layer 2 protocol (PPPoE) client and having an Extensible Authentication 
Protocol on top of this Point-to-Point layer 2 protocol. 

25. (Currently Amended) A telecommunication system comprising a wireless local area 
network that includes at least one Access Point, a public land mobile network, and at 
least one Terminal Equipment provided with a SIM card and adapted for reading 
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subscriber data thereof, characterized in that it further comprises the Access Controller 
in claims 15 to 23 for allowing SIM-based subscriber authentication to users of the 
wireless local area network who are subscribers of the public land mobile network. 
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